From 7c7b387cc323bc372fe15f62fb1efdfb705e02a3 Mon Sep 17 00:00:00 2001
From: Greg Beaver <cellog@php.net>
Date: Fri, 25 Apr 2008 04:35:10 +0000
Subject: [PATCH] fix potentially serious security issue: buffer overrun if the
 tar filename > 101 characters in length.  This fixes tests/tar/bignames.phpt

---
 ext/phar/tar.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ext/phar/tar.c b/ext/phar/tar.c
index 7c804d5d62..fccc33c5a7 100644
--- a/ext/phar/tar.c
+++ b/ext/phar/tar.c
@@ -208,7 +208,12 @@ int phar_open_tarfile(php_stream* fp, char *fname, int fname_len, char *alias, i
 			char name[256];
 
 			strcpy(name, hdr->prefix);
-			strcat(name, hdr->name);
+			/* remove potential buffer overflow */
+			if (hdr->name[99]) {
+				strncat(name, hdr->name, 100);
+			} else {
+				strcat(name, hdr->name);
+			}
 			entry.filename_len = strlen(hdr->prefix) + 100;
 			if (name[entry.filename_len - 1] == '/') {
 				/* some tar programs store directories with trailing slash */
-- 
2.50.1